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This listing of claims will replace all prior versions and listings of claims in this 
application: 

Listing of Claims 

1. (Currently amended) A network comprising: 
a first network domain; 

a first routing device at a boundary between the first network domain and 
public internetworking fabric to route network traffic between the first 
network domain and the public internetworking fabric; 

a second routing device for routing network traffic out of and into the first 
network domain; and 

a monitor/regulator, either integrally disposed in said first routing device or 
coupled to the first routing device to monitor the network traffic routed by 
said first routing device and said second routing device by analyzing flow 
records, each describing a traffic conversation as indicated by a 
combination of source and destination addresses, received from the first 
routing device and the second routing device, the monitor/regulator 
determining if the first network domain is sourcing undesirable network 
traffic, including network traffic sourced directly out of the first network 
domain and also including network traffic sourced originally from third 
parties and subsequently going through the first network domain to the 
first routing device, the undesirable network traffic comprising a denial of 
service attack in which the undesirable network traffic is launched against 
a target network device in order to undermine the operation of that target 
network device by overwhelming the target network device with network 
traffic, out of or going through the first network domain based on the 
network traffic being routed by said first routing device and said second 
routing device, 

wherein said monitor/regulator makes said determination based at least in part 
on differential characteristics between request packets routed out of said 
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first network domain and response packets routed into the first network 
domain based on aggregated network traffic routed by the first routing 
device and the second routing device, and wherein said monitor/regulator 
instructs the first routing device and said second routing device to lower a 
priority of the undesirable network traffic that is being sourced from or 
going through the first network domain in response to making said 
determination that the first network domain is sourcing the undesirable 
network traffic . 

2. (Cancelled) 

3. (Previously presented) The network of claim 1, wherein said 
monitor/regulator infers said differential characteristics based on aggregated 
statistics of said network traffic routed out of said first network domain by said 
first routing device and said second routing device, and aggregated statistics of 
said network traffic routed into the first network domain by said first routing 
device and said second routing device. 

Claims 4-13. (Cancelled) 

14. (Currently amended) A network traffic regulation method comprising: 
monitoring network traffic routed by a first routing device of a first network 
domain; 

monitoring network traffic routed by a second routing device of said first 
network domain; 

determining if the first network domain is sourcing undesirable network traffic 
[[,]] is being sourced directly out of the first network domain or is sourced 
originally from third parties and subsequently passing through the first 
network domain to the first routing device, the undesirable network traffic 
comprising a denial of service attack in which the undesirable network 
traffic is launched against to a target network device in order to undermine 
the operation of that target network device by overwhelming the target 
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network device with network traffic, out of the first network domain, 
wherein the first network domain is determined to be sourcing or passing 
through undesirable network traffic by analysis of flow records describing 
traffic conversation, as indicated by a combination of source and 
destination addresses, received from the first routing device and the 
second routing device, which are positioned at a boundary between the 
first network domain and public internetworking fabric to route network 
traffic between the first network domain and the public internetworking 
fabric; 

wherein said determining comprises determining based at least in part on 
differential characteristics between request packets routed out of said 
network domain and response packets routed into the network domain 
based on aggregated network traffic routed by the first routing device and 
the second routing device; and 

lowering a priority of the undesirable network traffic that is being sourced 
from or passing through the first network domain and routed by said first 
networking network device and said second networking network device in- 
rosponso to making said determination that the first network domain is 
sourcing the undesirable network traffic . 

15. (Cancelled) 

16. (Previously presented) The method of claim 14, wherein said determining 
comprises inferring said differential characteristics based on aggregated statistics 
of said network traffic routed out of said first network domain by said first routing 
device and said second routing device, and aggregated statistics of said network 
traffic routed into the first network domain by said first routing device and said 
second routing device. 

Claims 17-41. (Cancelled) 
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42. (Currently amended) The network of claim 1, wherein said monitor/regulator 
generates statistics concerning destination addresses and determines whether the 
first network domain is sourcing or passing through undesirable network traffic 
based on said statistics. 

43. (Currently amended) The network of claim 1, wherein said monitor/regulator 
generates statistics concerning lengths of packets and determines whether the first 
network domain is sourcing or passing through undesirable network traffic based 
on said statistics. 

44. (Currently amended) The network of claim 1, wherein said monitor/regulator 
generates statistics concerning distributions of time to live values and determines 
whether the first network domain is sourcing or passing through undesirable 
network traffic based on said statistics. 

45. (Currently amended) The network of claim 1, wherein said monitor/regulator 
tracks differences between outbound transmission control protocol (TCP) 
synchronize (SYN) and finish (FIN) packets and inbound response packets and 
determines whether the first network domain is sourcing or passing through 
undesirable network traffic based on said differences 

46. (Cancelled) 

47. (Previously presented) The network of claim 1, wherein said 
monitor/regulator instructs said first routing device and said second routing device 
to slow the undesirable network traffic. 

48. (Currently amended) A network comprising: 
a first network domain; 

a second network domain; 

a first routing device at a boundary between the first network domain and 
public internetworking fabric to route network traffic between the first 
network domain and the public internetworking fabric; and 
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-a- said second network domain including a second routing device for routing 
network traffic out of and into the second network domain; 

a monitor/regulator that monitors the network traffic routed by said first 
routing device and said second routing device, and determines if 
undesirable network traffic is being sourced out of the first or the second 
network domains or is sourced originally from third parties and 
subsequently passes through the first or the second network domains, a£- 
least a selected one of the first and second network domains is sourcing 
undesirable network traffic out of the selected one of the first and second 
network domains based on network traffic characteristics observed of 
network traffic routed through said first and second routing devices; 

wherein said monitor/regulator, upon determining said undesirable network 
traffics arc being sourced out of at least a selected one of said first and 
second network domains , lowers a threshold for concluding that 
undesirable network traffic are being sourced out of an other one of said 
first and second network domains out of the first or the second network 
domains including being sourced originally from third parties and 
subsequently passing through the first or the second network domains . 

49-50. (Cancelled) 

51. (Currently amended) The method of claim 14, further comprising generating 
statistics concerning destination addresses and determining whether the first 
network domain is sourcing or passing through undesirable network traffic based 
on said statistics. 

52. (Currently amended) The method of claim 14, further comprising generating 
statistics concerning lengths of packets and determining whether the first network 
domain is sourcing or passing through undesirable network traffic based on said 
statistics. 
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53. (Currently amended) The method of claim 14, further comprising generating 
statistics concerning distributions of time to live values and determining whether 
the first network domain is sourcing or passing through undesirable network 
traffic based on said statistics. 

54. (Currently amended) The method of claim 14, further comprising tracking 
differences between outbound TCP SYN and FIN packets and inbound response 
packets and determining whether the first network domain is sourcing or passing 
through undesirable network traffic based on said differences 

55-57. (Cancelled) 

58. (Currently amended) A network comprising: 
a network domain which is a local area network; 

a routing device in the local area network at a boundary between the local area 
network and public internetworking fabric to route network traffic 
between the network domain and the public internetworking fabric; and 

a monitor/regulator, either integrally disposed in said routing device or coupled 
to the routing device, to monitor the network traffic routed by said routing 
device by analyzing flow records describing traffic conversation as 
indicated by a combination of source and destination addresses received 
from the routing device, the monitor/regulator determining if the network 
domain is sourcing undesirable network traffic , including network traffic 
sourced out of the network domain and also including network traffic 
sourced originally from third parties and subsequently going through the 
network domain to the routing device that is originating in the network 
domain and being routed out of the network domain by the routing device , 
the monitor/regulator generating statistics concerning destination 
addresses to determine whether the network domain is sourcing or passing 
through the undesirable network traffic, wherein said monitor/regulator 
instructs the routing device to lower a priority of the undesirable network 
traffic and/or slow the undesirable network traffic; 
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wherein the undesirable network traffic comprises a denial of service attack in 
which the undesirable network traffic is launched against a target network 
device in order to undermine the operation of that target network device 
by overwhelming the target network device with network traffic, out of 
the network domain, 

wherein said monitor/regulator makes said determination based on differential 
characteristics of network traffic routed out of or passing through said 
network domain relative to network traffic routed into said network 
domain and aggregates said differential characteristics based on 
differential characteristics between request packets routed out of said 
network domain, and response packets routed into the network domain 
and wherein said monitor/regulator instructs the routing device to lower a 
priority of the undesirable network traffic that is being sourced from or 
passing through the network domain in response to making said 
determination that the network domain is sourcing the undesirable 
network traffic, and wherein upon determining undesirable network 
traffics arc being sourced out of a different network domain, lowering a 
threshold for concluding that undesirable network traffic are being 
sourced out of said network domain . 

59. (Cancelled) 
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